The QuantumRISC project, funded by the German Federal Ministry of Education and Research (BMBF), aims to transition post‑quantum cryptography (PQC) from theory to practical use on resource‑constrained embedded devices such as automotive control units, industrial controllers and telecommunications equipment. MTG AG participates as a partner, concentrating on software implementations and the integration of PQC primitives into widely used cryptographic protocols, notably X.509 and TLS.

During the first work package, MTG AG examined industrial requirements for PQC and surveyed the current state of research. The company focused on public‑key infrastructure (PKI) use cases, analysing how PQC data formats could be embedded in X.509 certificates and what policy changes would be necessary. The findings were published jointly with other partners at international forums. In the second package, the team evaluated a range of PQC signature schemes, including stateful constructions, and narrowed the selection to Classic McEliece and SPHINCS+. The focus was on reducing the memory footprint of these algorithms, which is critical for embedded platforms where large public keys or signatures can dominate storage. MTG AG developed optimized software implementations, applied hardening techniques, and integrated the schemes into TLS 1.3. An automated test harness built on the OpenSSL fork from the Open Quantum Safe project measured the impact of different signature algorithms on TLS handshake performance. The results guided the prioritisation of algorithms for further development.

Hardware‑software co‑design was another key activity. MTG AG investigated the interfaces of target platforms and adapted its software to run efficiently on both embedded and server devices. In collaboration with Fraunhofer SIT, a prototype was created that streams SPHINCS+ signatures directly into the TPM 2.0 protocol, demonstrating a practical method to reduce signature size on the device side. A demonstrator architecture was designed to showcase the integration of PQC into existing PKI workflows, and the prototype was used to validate the end‑to‑end operation of the system.

All software artifacts, including the TLS integration and the TPM streaming prototype, were released as open‑source projects, enabling the wider community to evaluate and build upon the work. MTG AG also presented the scientific results at several international conferences, publishing joint papers with other QuantumRISC partners. Through these activities, the company gained deep expertise in PQC algorithm design, memory‑efficient implementation, constant‑time coding to mitigate side‑channel attacks, and the practical aspects of combining classical and post‑quantum primitives in real‑world protocols.

The knowledge acquired during QuantumRISC directly benefits MTG AG’s ongoing QuantID project, also funded by the BMBF, which focuses on quantum‑secure authentication and authorization using quantum random number generators. The PQC insights enable the provision of quantum‑secure certificates for authentication flows in QuantID.

Looking ahead, MTG AG anticipates that once NIST standardises PQC algorithms, many organisations will need to migrate from classical to post‑quantum solutions. The company is positioning itself to offer consulting services for this migration phase, advising on product adaptation and integration of PQC into existing security stacks. The experience gained in the QuantumRISC project therefore not only enhances MTG AG’s technical capabilities but also opens new business opportunities in the emerging quantum‑secure market.